Sniper

MB anti ransom detected nothing


Hi, we tested your product in our test server after being hit by a ransomware virus a couple of days ago.

The product says it is running and protection is on.

We ran the downloaded zip from the offending scam email and it proceeded to encrypt the test files we had on the machine. When it was complete, Windows Defender detected it, which was too late of course, but Malwarebytes had no idea it was running, gave no alerts and picked up zero in quarantine :(

Regards

Tony

39 minutes ago, Sniper said:

Hi, we tested your product in our test server after being hit by a ransomware virus a couple of days ago.

The product says it is running and protection is on.

We ran the downloaded zip from the offending scam email and it proceeded to encrypt the test files we had on the machine. When it was complete, Windows Defender detected it, which was too late of course, but Malwarebytes had no idea it was running, gave no alerts and picked up zero in quarantine :(

Regards

Tony

Oops, this is a bad thing. I was trying to find out what this MBARansom does, how it works (like in a black box); this is bad news!!


Hello Sniper and welcome.

Does a possibility exist that you are not using Malwarebytes Anti-Ransomware for Business edition on your test server and that instead, you may have been using the Home/Consumer Beta8/development program version? Also, the unique variant of ransomware your test server encountered may not be widely known yet.

I strongly recommend you browse to the Malwarebytes' File Detections sub-forum and carefully read the 2nd locked/pinned topic there, followed by a submission of the ransomware scam email for expert analysis.

Thank you for your interest in Malwarebytes' Anti-Ransomware offerings.


I just tried the link again to the infected zip download and Windows Defender blocked it before I could download it, so it looks like Defender has updated its definitions and is now detecting it.

The strain of virus is Trojan:JS/Jesigat.A!cl
